All news with #denial of service tag

⚠️ Cisco disclosed a new attack variant that targets devices running Cisco Secure Firewall ASA and FTD software that are vulnerable to CVE-2025-20333 and CVE-2025-20362. The exploit can cause unpatched devices to unexpectedly reload, creating denial-of-service conditions, and follows prior zero-day campaigns that delivered malware such as RayInitiator and LINE VIPER, per the U.K. NCSC. Cisco additionally released patches for critical Unified CCX flaws and a high-severity DoS bug in ISE, and urges customers to apply updates immediately.

⚠️ Security researcher Jose Pino disclosed "Brash", a severe flaw in the Blink rendering engine that can crash many Chromium-based browsers within 15–60 seconds via a single malicious URL. The root cause is missing rate limiting on the document.title API, enabling attackers to inject millions of DOM mutations per second and saturate the browser UI thread. Pino describes a three-phase technique — hash generation, burst injection, and UI-thread saturation — and warns the code can be time-triggered to act like a logic bomb. Affected products include Google Chrome, Microsoft Edge, Brave, Opera, Vivaldi, Arc, Dia, and some AI browser interfaces; Firefox and Safari are not vulnerable.

⚠ A researcher, Jose Pino, published a proof-of-concept on October 29 demonstrating a Blink rendering-engine flaw that can crash Chrome, Microsoft Edge and several other Chromium-based browsers within seconds by flooding document.title updates. Pino says he reported the issue to Google on August 28 and, after no response, released the PoC to force public attention. The exploit saturates the main thread with millions of DOM mutations per second, producing rapid CPU spikes, tab freezes and eventual process termination, and it raises particular concern for headless and automated enterprise workflows.

🔒 CISA and Schneider Electric describe a vulnerability (CVE-2024-10085) in EcoStruxure that allows remote actors to exhaust server resources and cause denial of service by sending a large number of OPC UA requests to the server. Affected products include EcoStruxure OPC UA Server Expert versions prior to SV2.01 SP3 and EcoStruxure Modicon Communication Server (all versions). The issue has a CVSS v4 base score of 8.2 and is noted as remotely exploitable with low attack complexity. Schneider has released SV2.01 SP3 to address the OPC UA Server Expert and plans remediation for Modicon; interim mitigations and hardening guidance are provided.

⚠️ A remote NULL pointer dereference in NIHON KOHDEN CNS-6201 central monitors can be triggered by a specially crafted UDP packet, causing the monitoring process to terminate and producing a denial-of-service. The issue is unauthenticated, reproducible when UDP is reachable, and is tracked as CVE-2025-59668 with CVSS v4 8.7. Vendor support for affected versions has ended; users should migrate to successor products or apply strict network-level mitigations such as isolation, boundary devices, and careful traffic monitoring.

⚠️ The latest releases of Cursor and Windsurf IDEs embed outdated Chromium and V8 engines that contain at least 94 known, patched vulnerabilities. Ox Security researchers demonstrated a proof‑of‑concept exploiting CVE-2025-7656 (a Maglev JIT integer overflow) to crash Cursor, and warn that similar flaws could enable denial‑of‑service or arbitrary code execution in real attacks. Attack vectors include deeplinks, malicious extensions, poisoned README previews or documentation; the two IDEs together serve an estimated 1.8 million developers. Cursor dismissed the DoS finding as out of scope and Windsurf did not respond to inquiries.

⚠️ Rockwell Automation has disclosed an uncaught exception vulnerability in Compact GuardLogix 5370 controllers that can be triggered by a crafted CIP unconnected explicit message and may cause a non‑recoverable fault resulting in denial-of-service. The issue is tracked as CVE-2025-9124 and carries a CVSS v4 base score of 8.7, indicating remote exploitability with low complexity. Rockwell recommends upgrading affected devices to firmware 30.14 or later; organizations unable to upgrade should follow vendor security best practices and apply network isolation measures.

🔒 Siemens published an advisory (republished by CISA) for multiple vulnerabilities affecting RUGGEDCOM ROS devices, including CVE-2023-52236 and several CVE-2025-4122x issues. The flaws involve risky cryptographic algorithms, improper TLS handshake handling that can cause DoS, and an access-control enforcement failure that persists until reboot. Siemens has released updates (V5.10.0+) for many models and recommends restricting management ports, disabling web/SSH services if unused, and configuring GCM ciphers where applicable. CISA reiterates standard ICS guidance to minimize network exposure and isolate control networks.

⚠️ A remotely exploitable uncaught exception in Rockwell Automation's ArmorStart AOP for Studio 5000 Logix Designer can trigger a denial-of-service on versions V2.05.07 and earlier. The issue arises from invalid inputs to COM methods and is tracked as CVE-2025-9437 with a CVSS v4 base score of 8.7 (high). Rockwell reports no fix is available; users should apply vendor best practices and minimize network exposure.

🔒 Rockwell Automation reported a FactoryTalk ViewPoint XML External Entity (XXE) vulnerability (CVE-2025-9066) that can be exploited remotely with low attack complexity to induce a temporary denial-of-service via crafted SOAP requests. Affected devices include PanelView Plus 7 terminals (version 14 and prior). Rockwell released firmware fixes and patches, and CISA recommends minimizing network exposure, isolating control networks, and applying vendor updates promptly. The vulnerability is scored CVSS v4 8.7 (CVSS v3.1 7.5).

⚠️ Microsoft is investigating an ongoing incident that is preventing some customers from accessing Microsoft 365 applications. The issue has been tagged as an incident in the admin center while Redmond reviews telemetry and recent service changes to identify the root cause. Microsoft first acknowledged the problem at 05:06 AM UTC and said it continued analysis nearly four hours later to develop a fix. Impact appears limited to users served by the affected infrastructure.

⚠️ Rockwell Automation has published an advisory for Stratix switches informing operators of a stack-based buffer overflow in the SNMP subsystem derived from Cisco IOS XE (CVE-2025-20352). A remote, authenticated attacker with knowledge of SNMPv2c read-only community strings or valid SNMPv3 credentials could cause a denial-of-service, while administrative (privilege 15) credentials may permit arbitrary code execution as root. Affected models include Stratix 5700, 5400, 5410, 5200, and 5800; Rockwell and CISA recommend applying Cisco workarounds, implementing network isolation, using secure remote access, and following Rockwell advisory SD1749.

⚠️ Festo devices running affected EtherNet/IP firmware are vulnerable to multiple remotely exploitable issues, including incorrect numeric conversions, out-of-bounds reads, and reachable assertions that can lead to denial-of-service or data disclosure. Combined CVSS scores reach up to 8.2, and successful exploitation requires low attack complexity. Festo reports no planned fixes; CISA advises minimizing network exposure, disabling EtherNet/IP when unused, isolating control networks, and using secure remote access such as up-to-date VPNs. Organizations should limit exposure, monitor EtherNet/IP activity, and report suspected incidents.

⚠️ CISA published an advisory for OpenPLC_V3 describing a denial-of-service vulnerability (CVE-2025-54811) caused by a missing return in the enipThread function that can trigger an illegal instruction and crash the PLC runtime. The flaw affects versions prior to pull request #292 and can stop PLCs under certain conditions. A patch is available in PR #292; administrators should update and isolate affected devices.

⚠️ Cisco has warned of a stack overflow vulnerability in the SNMP subsystem of IOS and IOS XE software identified as CVE-2025-20352. A low-privileged authenticated attacker can send a crafted SNMP packet to cause a system reload and a denial-of-service, while a high-privileged actor could achieve root-level arbitrary code execution. Administrators are urged to apply vendor patches immediately and restrict SNMP access until systems are updated.

⚠️ CISA advises that a denial-of-service vulnerability (CVE-2025-8531) affects Mitsubishi Electric MELSEC-Q Series CPU modules when the user authentication function is enabled, due to improper handling of a length parameter (CWE-130). The issue has a CVSS v3.1 base score of 6.8 (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H) and is exploitable remotely but characterized by high attack complexity. Mitsubishi has identified fixed units with serial ranges beginning '27082' or later and recommends migrating to the successor MELSEC iQ-R Series where updates are unavailable; organizations should apply network-access restrictions and defense-in-depth mitigations.

🔔 A vulnerability in Westermo WeOS 5 when IPSec is enabled can allow a specially crafted ESP packet to trigger an immediate device reboot. Westermo reported the flaw and released WeOS 5 version 5.24.0 to address the issue. CISA rates the vulnerability as remotely exploitable with a CVSS v4 score of 8.2 and notes high attack complexity.

🔒 CISA republished an advisory describing a Siemens-reported OpenSSL bug (CVE-2022-0778) that can cause an infinite loop during certificate parsing in many Siemens products. The issue affects multiple product families and has a CVSS v3.1 base score of 7.5, allowing remote denial-of-service with low attack complexity. Siemens has published firmware and software updates and recommends applying vendor updates, restricting network access to affected interfaces, and following product hardening guidance where fixes are not yet available.

🔔 Siemens ProductCERT and CISA report multiple integer overflow vulnerabilities (CVE-2021-41990, CVE-2021-41991) affecting a broad set of SIMATIC NET CP, SINEMA and SCALANCE devices. Exploitation can cause denial-of-service by triggering integer wraparound; remote code execution is considered unlikely. Siemens provides firmware fixes and workarounds; operators should apply vendor updates, restrict network exposure and follow Siemens operational security guidance.

⚠️ Hitachi Energy reported multiple vulnerabilities in the RTU500 series including null pointer dereference, XML parser flaws, heap and stack buffer overflows, integer overflow, and IEC 61850 message validation errors. Several CVEs have been assigned (e.g., CVE-2023-2953, CVE-2024-45490–45492, CVE-2024-28757, CVE-2025-39203, CVE-2025-6021) and the highest CVSS v4 score is 8.2. Exploitation could cause Denial-of-Service conditions such as device reboots or disconnects. Hitachi Energy provides firmware updates for affected 12.7.x–13.7.x releases and CISA recommends patching, minimizing network exposure, applying segmentation, and using secure remote access.